On Mon, 27 Sep 2004 04:28, Tom London <selinux@xxxxxxxxx> wrote:
> That's not right, is it? Shouldn't cupsd be running in cupsd_t?

Correct.

> The following patch adds a
> domain_auto_trans(hald_t, cupsd_exec_t, cupsd_t)
> to cups.te

Good work, I've put that in my tree.

Also we should remove the can_exec_any() from hald.te ASAP, it's a time bomb
allowing large numbers of undesired programs to run in hald_t.

> This makes the 'new' cupsd run in cupsd_t.
> This doesn't fix everything, as there are still about 170 AVCs.
>
> Do we need to add a bunch of 'domain_auto_trans' rules for
> hald_t (for apmd_t, crond_t, ......)? dontaudits?

I'll look into that later.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
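
One way to triage the remaining AVCs discussed in this message, as an added example that is not part of the original mail or of the policy sources: group denials whose source domain is hald_t by executable, so that programs other than hald itself stand out as candidates for review (a domain transition, or removal from what hald may execute). The log lines, the executable paths and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed AVC denial lines in the 2004-era kernel log format (not from the mail).
# Lines that carry no exe= field are skipped by the pattern below.
SAMPLE_LOG = """\
audit(1096223281.101:0): avc:  denied  { read } for  pid=2101 exe=/usr/sbin/cupsd name=cupsd.conf dev=hda2 ino=4711 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:cupsd_etc_t tclass=file
audit(1096223281.140:0): avc:  denied  { write } for  pid=2101 exe=/usr/sbin/cupsd name=cups dev=hda2 ino=4800 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:cupsd_log_t tclass=dir
audit(1096223290.512:0): avc:  denied  { read write } for  pid=2150 exe=/usr/sbin/apmd name=apm_bios dev=hda2 ino=5012 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:apm_bios_t tclass=chr_file
audit(1096223295.003:0): avc:  denied  { getattr } for  pid=2050 exe=/usr/sbin/hald path=/dev/hda dev=hda2 ino=6001 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
audit(1096223299.777:0): avc:  denied  { search } for  pid=1900 exe=/usr/sbin/crond name=hal dev=hda2 ino=7001 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:hald_var_run_t tclass=dir
SELinux: initialized (dev hda2, type ext3), uses xattr
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"exe=(?P<exe>\S+).*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def domain_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def denials_by_exe(log_text, source_domain):
    """Count denials per executable for processes running in source_domain."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m and domain_of(m.group("scon")) == source_domain:
            counts[m.group("exe")] += 1
    return counts


def foreign_executables(log_text, source_domain, own_exes):
    """Executables seen running in source_domain that are not the domain's own daemon."""
    return sorted(e for e in denials_by_exe(log_text, source_domain) if e not in own_exes)


if __name__ == "__main__":
    for exe in foreign_executables(SAMPLE_LOG, "hald_t", {"/usr/sbin/hald"}):
        print(exe, denials_by_exe(SAMPLE_LOG, "hald_t")[exe])
```
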